Fix swf exploit

This commit is contained in:
Remco 2020-11-18 13:00:41 +01:00
parent 6b73e4b51c
commit dd1ba30a46

View File

@ -7,21 +7,26 @@ import java.io.OutputStream;
import java.net.URL; import java.net.URL;
import java.net.URLConnection; import java.net.URLConnection;
import java.net.URLEncoder; import java.net.URLEncoder;
import java.util.Arrays;
public class FTPUploadService { public class FTPUploadService {
private static final String ftpUrl = "ftp://%s:%s@%s/%s;type=i"; private static final String ftpUrl = "ftp://%s:%s@%s/%s;type=i";
public static void uploadImage(byte[] image, String uploadPath) throws IOException{ public static void uploadImage(byte[] image, String uploadPath) throws IOException{
String host = Emulator.getConfig().getValue("ftp.host"); byte[] pngSignature = new byte[] { -119, 80, 78, 71, 13, 10, 26, 10 };
String user = Emulator.getConfig().getValue("ftp.user");
String pass = Emulator.getConfig().getValue("ftp.password");
String uploadURL = String.format(ftpUrl, URLEncoder.encode(user, "UTF-8"), URLEncoder.encode(pass, "UTF-8"), host, uploadPath); if (Arrays.equals(Arrays.copyOfRange(image, 0, 8), pngSignature)) {
String host = Emulator.getConfig().getValue("ftp.host");
String user = Emulator.getConfig().getValue("ftp.user");
String pass = Emulator.getConfig().getValue("ftp.password");
URL url = new URL(uploadURL); String uploadURL = String.format(ftpUrl, URLEncoder.encode(user, "UTF-8"), URLEncoder.encode(pass, "UTF-8"), host, uploadPath);
URLConnection conn = url.openConnection();
OutputStream outputStream = conn.getOutputStream(); URL url = new URL(uploadURL);
outputStream.write(image, 0, image.length); URLConnection conn = url.openConnection();
outputStream.close(); OutputStream outputStream = conn.getOutputStream();
outputStream.write(image, 0, image.length);
outputStream.close();
}
} }
} }